Common Problems & Fixes For Port Forwarding.
By Shane C. of PcWinTech.com
Port forwarding can sometimes be a rather big pain in the butt. Depending on which router the person has (Some routers are easier than others at setting up port forwarding rules) it can be easy to setup, but not easy to get working. On this page I will go over the most common problems I find when helping people get their port forwarding working and how to fix them. If you would like to know more about what port forwarding is you can check out my page "Port Forwarding in a Nutshell"
Rule # 1 on Testing Port Forwarding:
When testing your port forwarding to your computer make sure to use my Port tester program and not an online port tester.
"Most online port testers fail no matter what if nothing accepts their connection attempt. This port tester program will open the port on the system it is running on and listen for a connection from this site. So when the port tester program says the ports are open you can count that they are :-)"
The port tester is only for testing to your computer, not to other devices, because it has to open the port on the system to listen for a connection. So the port tester is of no use if testing say your DVR or something else other than the computer.
The port tester will also show your computers local IP, so this helps to make sure that you have the right IP in the port forwarding rule.
More than 1 router.
The most common problem I come across is people who are behind 2 or more
routers and don't realize it. Thankfully, it is easy to identify if you are
behind more than one router and easy to fix :-)
(UPDATE: I have now made a tool to help detect if you are behind multiple routers. http://www.pcwintech.com/shanes-toolbox
I have also added this tool to the Simple Port Forwarding program under the tools menu)
- The first step is to log into your router, then find the status page. The status
page normally shows the WAN or Internet IP address. The address should be the
same as your internet IP that shows up on the
- If it is not (some ISP's put people behind a proxy to block p2p) it may be a local IP address, which means it is getting it's IP from another router.
- In this case the gateway is the same as the other router's IP address.
- Use this address to log into your 2nd router just like you did your with your current router.
- Why would you need to log into the other router? Easy, give this a read "How
To Setup Two or More Routers Together".
As you can see by this example this routers internet IP is a local address, this means we are behind another router.
So in this case I logged into this router using http://192.168.1.1 and to log into the other router I would use http://192.168.1.254 (The gateway address in the picture)
So here is a quick step by step.
Step 1. Login into your Router
Step 2. Find the status page that shows the WAN/Internet IP address and write it down.
Step 3. Log into the first router/modem now.
Step 4. Find the DMZ page
Step 5. Enter the IP you wrote down into the DMZ page and enable DMZ.
Step 6. Save and your done.
Thankfully it is easy to get port forwarding if this is happening. We simply tell the first router to send all incoming connections to the 2nd router where the port forwarding rules are. Follow the guide and multiple routers will no longer be a problem.
Wrong IP address in the port forwarding rule.
Ok, so lets say you are not behind a 2nd router, or you already fixed it if you where. Yet your port forward test still fails. Another problem is in the port forwarding rule itself. Most routers, like Linksys, only let you put in the last part of the IP address to forward to (making sure the user doesn't put in an internet IP instead). While other routers let you put the whole IP in (Some users accidentaly put the internet IP instead of the Local IP in). People can get confused on what IP address they should put in. Other times people may want to make a port forwarding rule for their PS3 or Xbox and put the wrong IP in as well.
To make sure the port forwarding rule is working correctly, the IP address of the rule should point to the computer, or machine, you want the connection to go to. Some users have put internet IP's in or just the wrong IP all together (Such as putting their computers IP in when they want the IP from their Xbox).
So lets say I want to make a port forwarding rule that sends an incoming connection to my PS3. I log into my PS3, go to the network status and find what IP it has. This will be the IP I put into the rule. I will not use the IP of my computer or the IP of the server I want to connect to.
Now some of you may say (my fellow techs out there) "Why on earth would someone put the wrong IP like that in?" well you need to remember that a lot of home users are new to port forwarding and IP addresses. They don't always understand the differences between a LAN ( a local network) and a WAN (the internet). They simply need to learn, and then they will handle things just fine. :-) After all we all started at some point, better late then never!
Firewall settings in the router.
Some of the newer routers are coming out with more firewall options built into the router. Some of these options do not let any incoming connections in even if a port forwarding rule is already in place. Thankfully the routers that have the extra firewall options come with good information on the page about which setting you should use to allow port forwarding to work.
Normally you can just turn off the firewall or just put it at its minimum setting. Your computer will still be protected. A router is a hardware based firewall already, the firewall options in the router are simply more options to better control things if needed. (Of course many routers are different, some are very advanced and others are rather simple)
Here is an example from a router from Verizon and its firewall options.
As you can see if it is set any higher than minimum security that all the
inbound policies (the port forwarding rules) will be rejected and port
forwarding wont work.
So now you know to check and see if your router has any firewall options that might be blocking the port forwarding rules.
Here is an example from a Zyxel Router and its firewall options.
As for this example you will see the WAN (Internet) to LAN (Your Computer) is
set to block. This will keep port forwarding from working.
Set it to Forward and hit apply.
Here is an example from a rather Common Router and its firewall options.
As for this example the SPI options blocks all the port forwarding. So this needs to be disabled.
Routers differ in their firewall rules and settings. Make sure to check for any firewall settings in your router to see if anything is set to block incoming connections.
Firewalls in Windows, Linux & Mac
I have also found that some home users don't realize they have a firewall installed in the first place. A lot of the antivirus packages out there come with built in firewalls as part of the antivirus. So users think they have antivirus but don't realize it is also a firewall. So when a warning pops up about a program trying to connect to the net they seem to like to hit block by default, thus breaking things more than helping.
I have also helped users who uninstalled their firewall software but it didn't remove properly. So the firewall drivers where left behind and blocked all incoming connections. So the user had to dig in and get them removed before port forwarding would even work.
For a user who doesn't understand how or what a firewall is used for, they should not have one installed if they are behind a router anyways. Remember a router is a hardware based firewall, it blocks incoming connections except those allowed through by the port forwarding rules. In cases like this the only real reason to have a software based firewall installed is to block programs from connecting to the net. Now this is great for us techs who understand and know what will happen if we block a program. But to many times I have had to go to a customers home and fix their system because the firewall had blocked Windows, their email or something important from even getting on the net. The user was told to click block on everything (who ever told them that should be slapped lol) so since they didn't know what the file or program was for what they ended up pretty much killing their own internet connection. So you can see my frustration with software firewalls for people who don't know how to use them.
With all that being said double check that the firewall you have installed isn't blocking the program or port you need open. The built in Windows firewall can be a pain as well, but normally does not cause the problems that many user installed software firewalls cause. But never the less, make sure the windows firewall allows either the port or program through as well.
Corrupted/Broken Windows Firewall
If the windows firewall is corrupted or broken this will keep port forwarding from working as well. I helped a user who was not behind any routers, was connected directly to the modem. No firewall software of any kind installed, heck he didn't even have a antivirus (He had one by the time I was done helping him hehe).
While looking into his system trying to find out what was blocking the connections I noticed the Windows firewall service was off. When I went to turn it back on it failed. Digging more into it the WMI was corrupted which kept the Windows firewall from working properly. Once I fixed the WMI problem for him the firewall then started working right. After that his ports all worked fine. The Windows firewall is tied into the system more than some people realize, and even if disabled it can still cause problems. So making sure the Windows firewall is working right makes a very big difference.
This is a page I found showing how to repair WMI http://windowsxp.mvps.org/repairwmi.htm
(UPDATE: I have now made a tool to repair WMI & The Windows Firewall. http://www.pcwintech.com/shanes-toolbox)
Wrong Connection Type Setting
There are a lot of modem/routers such as DSL and Voice that allow you to have
multiple WAN/Internet connections in the router.
Here is an example.
So now on the port forwarding page of these types of routers you can set
which WAN connection the rule is for.
So you have to figure out which you need and that's simple :-)
Simply go to the port check page here http://www.pcwintech.com/port_test.php
This page will show you what your internet IP is, so now you check which WAN connection in your router has the IP from the port test page and then you make sure the port forwarding rules are using that WAN connection.
Wrong or Multiple Computer Name's
There are a lot of modem/routers that have you choose your computer's name for the port forwarding rule instead of putting an IP address. The problem with this is some times they will have your computer name listed multiple times, and each computer name points to a different IP. So if you choose the wrong one the port forwarding rules won't work.
In the Thomson you have to go to the device list and remove the extra
entries. The 2wire doesn't give that option, rebooting the routers may help
clear the extra entries.
So keep this in mind, I have seen this keep port forwarding from working since the computer name has a different IP than what your computer actually has.
Let me give an example of what I am talking about.
Lets say I have a Thomson router, I go to add a port forwarding rule and my
computer name shows up 3 times in the device list. Which one do I choose?
Well at that point you need to go to the device list and see what IP each one has. Check what your local IP is and remove the extra ones that don't match.
If you can't remove them just make sure to choose the one that points to your correct local IP. Then your port forwarding will be fine at that point. If you choose the wrong one it will be pointing to a different local ip and so of course your port forwarding won't work.
Same Port in Multiple Rules
There are some routers such as Linksys, D-Link and many others that do not do any checks if a port is already in another port forwarding rule. A port can only be forwarded to one Computer/IP at a time. So when there are multiples of the same port number the port forwarding rule will not work.
Here is an example.
As you can see port 2350 is in 2 rules. The 1st one points to a different IP
than that of the 2nd rule. So the router will honor the 1st rule and the 2nd
port forwarding rule to port 2350 fails.
By removing the 1st rule the 2nd one will now work.
DMZ is Enabled
DMZ is a open all ports rule. And on most routers it over rides the port forwarding rules. So if you have DMZ enabled and it isn't pointing to the machine you need the ports open on, then this will create problems. So if your setting up port forwarding rules, make sure DMZ is disabled.
I have found there are also some simple things you can do as well to get
things working. (Here is one example:
So follow some of these tips and they may help you out.
#1. Some routers need to be rebooted after settings have been applied. Either by design or by a bug this some times helps. My Netgear here at home normally doesn't have any trouble, but every now and then when I set up a new port forwarding rule it wont work till I reboot the router. So all you need to do is pull the power cord, wait a few sec. Then plug it back in. Make sure to give it time to come back up before you test again.
#2. Turn ON windows firewall! Believe it or not, I have helped a few people where the port forwarding wouldn't work with the firewall off in windows. No other firewall was installed. So when I was scratching my heading trying to fig out what was going on I decided to turn the firewall back on, add the ports to the firewall to let them through and it worked! So this is also another thing you can try. (I still cant explain it myself)
#3. As per #2 if you use only the windows firewall try adding the ports your forwarding to it, not just the program that is going to use them. The simple port forwarding program makes this easy with one click on the tools menu. I have helped a few people where once the ports where added everything worked fine. If you haven't been able to tell, the windows firewall can be a bit strange on some systems!
#4. Scan your system for malware & viruses. Yes I know this is a easy answer but let me explain. There is some malware out there that installs a network driver that hijacks your connection, and every webpage you go to gets redirected to an advertisement. This shows that malware, viruses and other things can easily hijack the network and really screw things up. Download www.malwarebytes.org and have it scan your system. And for antivirus I am a fan of both Avast & Avira, both free for home users! and according to http://www.av-comparatives.org/ they do a good job as well.
#5. This is for you Verizon users out there. I was helping a user not to long ago with a Verizon modem/router. No port forwarding of any kind would work and every time we added a new rule the router complained the port was already in another rule (Even though the user had no other rules set up). What it turned out to be was while I was looking at the page I noticed the Verizon tech had setup the port forward rule that goes to the tv to use the Any -> Any port (This rule can't be changed by the user). Which is every port! the tv only needs one port, so once the user called Verizon they hopped on, fixed the rule and port forwarding was working again :-)
#6. Keep in mind that sometimes the router it self may be bad and even the Windows networking can be as well. Now these do happen, but they don't happen much. But it is always possible! A few users have had routers with bugs in the firmware where no port forwarding rule would take. Bugs do happen in routers, that's why they make updates to the firmware :-) And with Windows it is always possible things can get out of whack and messed up as well.
As I come across more problems I will update this page with the fixes and what to do. By doing so I hope to help the users who are having trouble and just need a little help to get going.